Many companies are still failing to protect against the most common threats TechRadar Skip to main content TechRadar is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Here's why you can trust us. Many companies are still failing to protect against the most common threats By Sead Fadilpašić published 4 August 2022 Businesses are making it easy for crooks (Image credit: wk1003mike / Shutterstock ) Audio player loading… When hackers want to access a target network, they are most likely to launch a phishing attack, exploit known software vulnerabilities or simply brute-force their way in through the remote desktop protocol (RDP). This is according to a new report from Palo Alto Networks' cybersecurity arm, Unit 42. In its latest paper, the company says these three make up more than three quarters (77%) of all suspected root causes for intrusions. Drilling deeper, Unit 42 found that more than half (55%) of all successful software vulnerability exploits leveraged ProxyShell (55%), followed by Log4j (14%), SonicWall (7%), ProxyLogon (5%) and Zoho ManageEngine ADSelfService Plus (4%). However, businesses could have done a lot more to stay safe. Out of 600 incident response cases Unit 42 analyzed for the report, businesses lacked multi-factor authentication on critical internet-facing systems in half of cases. Meanwhile, more than a quarter (28%) had poor patch management procedures and 44% did not have an endpoint protection service in place. BEC and ransomware Once they gain access, threat actors will engage either in business email compromise (BEC) or ransomware attacks. The average amount stolen through BEC was $286,000, the report said, while for ransomware, the highest average demand was in finance at nearly $8 million. A new ransomware victim gets their data posted on leak sites every four hours now, the report found. That's why, the researchers claim, identifying ransomware activity early is crucial. Read more> Business email attacks are now a multi-billion dollar industry (opens in new tab) > Proofpoint wants to kill off BEC attacks (opens in new tab) > Our list of the best antivirus services around Usually, the attackers spend up to 28 days on the target network, identifying endpoints (opens in new tab) and key data, before actually deploying any ransomware. "Right now, cybercrime is an easy business to get into because of its low cost and often high returns. As such, unskilled, novice threat actors can get started with access to tools like hacking-as-a-service becoming more popular and available on the dark web," said Wendi Whitmore, SVP and head of Unit 42 at Palo Alto Networks. "Ransomware attackers are also becoming more organized with their customer service and satisfaction surveys as they engage with cybercriminals and the victimized organizations."These are the best firewalls (opens in new tab) at the moment Sead Fadilpašić Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he's written for numerous media outlets, including Al Jazeera Balkans. He's also held several modules on content writing for Represent Communications. See more Computing news Are you a pro? Subscribe to our newsletter Sign up to theTechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Thank you for signing up to TechRadar. You will receive a verification email shortly. There was a problem. Please refresh the page and try again. MOST POPULARMOST SHARED1The iPhone 14 Pro is made of the wrong stuff; the Pixel 7 proves that to me2Stop saying Mario doesn't have an accent in The Super Mario Bros. Movie3Google Pixel Tablet is what Apple should've done ages ago4RTX 4090 too expensive? Nvidia resurrects another old favorite5More than one million credit card details leaked online1The iPhone 14 Pro is made of the wrong stuff; the Pixel 7 proves that to me2iPhone 15 tipped to come with an upgraded 5G chip3If this feature succeeds for Modern Warfare 2, Microsoft can't ignore it4Apple October launches: the new devices we might see this month5The Rings of Power episode 8 trailer feels like one big Sauron misdirect Technology Magazines (opens in new tab)● (opens in new tab)The best tech tutorials and in-depth reviewsFrom$12.99 (opens in new tab)View (opens in new tab)